Cyber insurance generally covers your business’ liability for a data breach involving sensitive customer information, such as Social Security numbers, credit card numbers, account numbers, driver’s license numbers and health records.
This Policy Insurance does cover :
- Data breach or Distributed Denial of Service (DDOS) attack that brings down your network
- Malware infection that spreads through devices connected to your network, making it impossible to operate
- Extortion demands made by bad actors holding sensitive information they are threatening to expose
- Ransomware demands that lock up devices and threaten to leak sensitive data
- Business-email compromise resulting in sharing sensitive information
- Liabilities associated with contractual obligations, including within the payment card industry (PCI) Fines & Penalties
- Defending against class-action lawsuits and paying settlements
- Legal expenses, fines, and penalties associated with regulatory investigations
- Lost business profits, accrued expenses, and extra costs while actively experiencing a cyber incident, either due to malicious hack or human error
- Media liability associated with infringement and other content that is electronically disseminated
- Losses due to social engineering fraud tricking you or your employees into sending funds you shouldn’t have
- The business profit lost due to reputational damage to your brand soon following a publicized cyber attack
- For many of the scenarios above, these can also be triggered by trusted third-party vendors whom you are sharing data with and/or rely on for critical business operations.
Object of Insurance
Cyber risk insurance covers a common set of scenarios, but there are situations where an organization can still be exposed. Most insurers offer similar coverage options, however a few offer less-common ones. Here is a breakdown of what is covered, and not covered, with cyber risk insurance.
Common exclusions in cyber risk insurance. The exclusions in cyber insurance policies are as follows:
- Patent, software, and copyright infringement.
- Wars and invasions.
- Lack of security measures.
- Injuries and damages.
- Loss of electronic device.
- Vicarious liability.
- Government entity or public authority.
The insurance can be extended to cover the following at an additional rate:
- Notification Costs:
This expense is significant because the company bears the burden of both identifying potential victims, which requires an internal investigation, and providing notification that’s reasonably calculated to give actual notice.
- Credit Monitoring:
In effect, your cyber insurance policy pays for victims’ insurance policies. Regulators usually dictate the kind of credit monitoring to provide and it’s a safe bet they will not be satisfied with the cheapest available protection.
- Civil Damages:
Most of these liability lawsuits are class actions, with hundreds of thousands of dollars in damages at a minimum, even for a very small company.
- Computer Forensics:
This covers costs to hire computer forensics consultants working under the direction of your attorneys to determine whether a data breach occurred, to contain and prevent further damage, and to investigate the cause and scope of the breach.
- Reputational Damage:
Data breaches can have profound PR implications for any business. A preferred policy will help you handle the potential fallout by covering the damages stemming from brand aversion due to a cyber incident for a certain amount of time after the breach. It can also help mitigate the potential cost by paying for PR management experts
Minimum Data Requirement
There are six things its underwriters look for when pricing cyber insurance policies:
- Close unused remote desktop protocol ports
- Use multifactor authentication
- Have a data management strategy
- Run endpoint detection and response
- Segregate backup data from main network
- Make risk management a priority
Other underwriting factors Cyber insurance underwriters will also look at the following:
- Any policies and procedures you have in place in terms of cyber risk management.
- If you have a key person in charge of these policies.
- And that the key person knows about the different kinds of data you are storing, and how it is stored.
Once you discover any peril covered under this policy, please do make an internal investigation report and share it to us.
Once you identify the problem and make require to involve an expert to solve the matter, you may ask Insurer’s approval in respect to expert fee and/or other expenses and/or compensation.
The Insurer may appoint an expert and/or forensic to verify the loss.
- Claim form- duly filled and signed
- FIR copy
- Copies of legal notice
- Copies of summonses from any court